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1 This action is in response to the communication filed on 7/6/2005. 

2 DETAILED ACTION 

3 Continued Examination Under 3 7 CFR 1.114 

4 A request for continued examination under 37 CFR 1.114, including the fee set forth in 

5 37 CFR 1 .17(e), was filed in this application after final rejection. Since this application is 

6 eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1 .17(e) 

7 has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 

8 37 CFR 1.114. Applicant's submission filed on 7/6/2005 has been entered. 

9 Response to Arguments 

10 Applicant's arguments with respect to claims 2-23 have been considered but are moot in 

1 1 view of the new ground(s) of rejection. 

12 Claims 2-23 have been examined. 

13 All objections and rejections not set forth below have been withdrawn. 

14 Specification 

15 Applicant is reminded of the proper language and format for an abstract of the disclosure. 

16 The abstract should be in narrative form and generally limited to a single paragraph on 

17 a separate sheet within the range of 50 to 150 words. It is important that the abstract not exceed 

18 150 words in length since the space provided for the abstract on the computer tape used by the 

19 printer is limited. The form and legal phraseology often used in patent claims, such as ''means" 

20 and "said, " should be avoided. The abstract should describe the disclosure sufficiently to assist 

2 1 readers in deciding whether there is a need for consulting the full patent text for details. 

22 The language should be clear and concise and should not repeat information given in the 

23 title. It should avoid using phrases which can be implied, such as, "The disclosure concerns, " 

24 "The disclosure defined by this invention, " "The disclosure describes, " etc. 
25 

26 The abstract of the disclosure as amended is objected to because 

27 Lines 4 and 8 contain legal phraseology ("said"), which must be removed. 

28 Correction is required. See MPEP § 608.01(b). 
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1 Claim Rejections - 35 USC §112 

2 The following is a quotation of the second paragraph of 35 U.S.C. 1 12: 

3 The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the 

4 subject matter which the applicant regards as his invention. 

5 

6 Claims 9-10, and 16-17 rejected under 35 U.S.C. 112, second paragraph, as being 

7 indefinite for failing to particularly point out and distinctly claim the subject matter which 

8 applicant regards as the invention. 

9 Claim 9 recites the limitation "said key". The ordinary person skilled in the art would be 

10 unable to determine if this recitation was meant to refer to the "transport key", the "operation 

1 1 key" or the "application key". As such claim 9 and dependant claim 10 are rejected for failing to 

12 particularly point out and distinctly claim the subject matter which the applicant's regard as the 

13 invention. 

14 Claim 16 recites the limitation "the operation key temporarily saved within a second 

1 5 volatile memory of the first unit" in lines 2-3. There is insufficient antecedent basis for this 

1 6 limitation in the claim. 

17 Claim 17 recites the limitation "the operation key temporarily saved within a second 

18 volatile memory of the first unit" in lines 2-3. There is insufficient antecedent basis for this 

19 limitation in the claim. 

20 Claim Rejections - 35 USC §102 

21 The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the 

22 basis for the rejections under this section made in this Office action: 

23 A person shall be entitled to a patent unless - 



Art Unit: 2131 

* 

1 (b) the invention was patented or described in a printed publication in this or a foreign 

2 country or in public use or on sale in this country, more than one year prior to the date of 

3 application for patent in the United States. 
4 

5 Claims 2, 4-6, 8-10, 13-17, 19-20, and 23 are rejected under 35 U.S.C. 102(b) as being 

6 anticipated by Bestock et al. (US Patent Number 4,933,971) hereinafter referred to as Bestock. 

7 Regarding claim 20, Bestock disclosed a method for customizing a set of several second 

8 security units (See Bestock Fig. 2 and abstract), comprising: 

9 secure downloading of an application key from a first security unit of a central processing 

10 unit to said set of second security units (See Bestock Fig. 2 and Abstract), said first unit and 

11 second units each comprising at least one memory (See Bestock Col. 7 Lines 48-53), wherein the 

12 method further comprises for each second unit in said set: 

13 on each downloading, computing an operation key (KEK) in the first unit based on 

14 information specific to the second unit (KDT 0 ), a transport key (Transport Number), and a 

15 diversification algorithm (XOR) (See Bestock Col. 7 Paragraph 4, Col. 8 Paragraph 5, and Col. 

16 11 Paragraph 2), said transport key residing within the memory of the first security unit, said 

17 memory being non volatile (See Bestock Col. 7 Lines 22-30); 

18 encrypting the application key (KDTi) in the first unit based on information comprising 

19 said operation key and an encryption algorithm (See Bestock Col. 8 Lines 55-62); 

20 sending data comprising the encrypted application key to the second unit (See Bestock 

21 Col. 8 Lines 55-62); 

22 on each downloading, computing an operation key (KEKo) in the second unit based on 

23 information specific to the second unit (KDTo), the transport key (Variant Number) and the 

24 diversification algorithm (XOR) (See Bestock Col. 7 Lines 6-22 and Col. 1 1 Paragraph 2), the 

25 same transport key residing in the non-volatile memory of each second security unit of said set 

26 (See Bestock Col. 7 Lines 17-30), said operation key not being stored within the memory of said 

27 second unit (See Col. 7 Lines 6-22); and 

28 decrypting the encrypted application key in the second unit based on information 

29 comprising said operation key and a decryption algorithm which is the inverse of the encryption 

30 algorithm (See Bestock Col. 8 Line 63 - Col. 9 Line 8), 
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1 wherein said transport key residing within the memory of the first unit is present in the 

2 memory of the first unit prior to communicating with the second unit and the same transport key 

3 residing in the non-volatile memory of each second unit is present in the non-volatile memory of 

4 the second security unit prior to communicating with the first unit (See Bestock Col. 6 Lines 32- 

5 37 and Col. 7 Lines 17-30). 

6 Regarding claim 2, Bestock disclosed sending information specific to the second unit to 

7 the first unit before computing the application key in the first unit (See Bestock Col. 7 Lines 31- 

8 41). 

9 Regarding claim 4, Bestock disclosed sending information pertaining to an application 

10 key to the first unit, before encrypting the application key within said first unit (See Bestock Col. 

11 7 Lines 31-41). 

12 Regarding claim 5, Bestock disclosed choosing the application key to be encrypted based 

13 on said information pertaining to an application key (See Bestock Col. 8 Lines 45-49). 

14 Regarding claim 6, Bestock disclosed that the encryption of an application key intended 

15 for a second unit is unique (See Bestock Col. 8 Lines 55-62). 

16 Regarding claim 8, Bestock disclosed sending information pertaining to an application 

17 key to the second unit, before decrypting the encrypted application key within said second unit of 

18 said set (See Bestock Col. 8 Lines 55-62). 

19 Regarding claim 9, Bestock disclosed storing within the second unit, after decrypting the 

20 encrypted application key, said key within said second unit (See Bestock Col. 8 Line 63 - Col. 9 

21 Line 8). 

22 Regarding claim 10, Bestock disclosed that storing of the application key within the 

23 second unit is done based on information pertaining to an application key (See Bestock Col. 8 

24 Line 63 - Col. 9 Line 8). 

25 Regarding claim 13, Bestock disclosed that the memory comprises a rewritable memory 

26 (See Bestock Col. 8 Line 63 - Col. 9 Line 8). 
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1 Regarding claim 14, Bestock disclosed that a second unit comprises several application 

2 keys (See Bestock Col. 8 Line 63 - Col. 9 Line 8). 

3 Regarding claim 15, Bestock disclosed that the first unit comprises several application 

4 keys (See Bestock Col. 7 Lines 46-50). 

5 Regarding claim 16, Bestock disclosed that after encrypting the application key, erasing 

6 the operation key temporarily saved within the second volatile memory of the first unit (See 

7 Bestock Col. 8 Lines 55-68). 

8 Regarding claim 17, Bestock disclosed that after decrypting the application key, erasing 

9 the operation key temporarily saved within the second volatile memory of the first unit (See 

10 Bestock Col. 8 Lines 55-68). 

1 1 Regarding claims 19 and 23, Bestock disclosed sending the encrypted application key 

12 and the information pertaining to an application key to the second unit by means of a single 

13 second command (See Bestock Col. 8 Lines 55-62). 

1 4 Claim Rejections - 35 USC §103 

15 The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 

16 obviousness rejections set forth in this Office action: 

17 A patent may not be obtained though the invention is not identically disclosed or 

18 described as set forth in section 102 of this title, if the differences between the subject 

1 9 matter sought to be patented and the prior art are such that the subject matter as a whole 

20 would have been obvious at the time the invention was made to a person having ordinary 

2 1 skill in the art to which said subject matter pertains. Patentability shall not be negatived 

22 by the manner in which the invention was made. 
23 

24 Claims 3, 18, and 21-22 are rejected under 35 U.S.C. 103(a) as being unpatentable over 

25 Bestock as applied to claims 20, and 2-4 above respectively, and further in view of Menezes et 

26 al. ("Handbook of Applied Cryptography") hereinafter referred to as Menezes. 

27 Bestock disclosed sending information pertaining to an application key (See Bestock Col. 

28 7 Lines 58-61), and information specific to the second unit (See Bestock Col. 7 Lines 38-41) to 
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1 the first unit by means of a first single command (See Bestock Fig. 2 Step 36), but failed to 

2 disclose sending random information as well. 

3 Menezes teaches a method for strong authentication in which a random number is sent 

4 from one entity to another along with a message, and the second entity sends the random number 

5 back to the first in the next communication (See Menezes Page 398 Section (i)). 

6 It would have been obvious to the ordinary person skilled in the art at the time of 

7 invention to employ the teachings of Menezes in the keying system of Bestock by sending a 

8 random number with the message sent from the terminal to the host in order to authenticate the 

9 host. This would have been obvious because the ordinary person skilled in the art would have 

10 been motivated to protect against replay and interleaving attacks against the system. 

1 1 Claims 7 and 1 1 are rejected under 35 U.S.C. 103(a) as being unpatentable over Bestock 

12 as applied to claim 20 above, and further in view of Sullivan et al. (US Patent Number 

13 6,069,647) hereinafter referred to as Sullivan. 

14 Bestock disclosed exchanging an application key (See Bestock Col. 8 Lines 55-62), but 

15 failed to disclose verifying the integrity of the key at receipt or the authenticity of the key at 

16 receipt. 

17 Sullivan teaches that data should be digitally signed in order to verify the integrity and 

18 authenticity of the data (See Sullivan Col. 3 Paragraph 4). 

19 It would have been obvious to the ordinary person skilled in the art at the time of 

20 invention to employ the teachings of Sullivan in the key exchange system of Bestock by digitally 

21 signing the key at the host prior to sending the key and then verifying the signature at the 

22 terminal upon receipt. This would have been obvious because the ordinary person skilled in the 
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1 art would have been motivated to protect against illicit modification of the key data prior to the 

2 terminal receiving the key. 

3 Claim 12 is rejected under 35 U.S.C. 103(a) as being unpatentable over Bestock as 

4 applied to claim 20 above, and further in view of Blaze (US Patent Number 5,696,823). 

5 Bestock disclosed storing keys at the host (See Bestock Col. 7 Lines 46-54) but failed to 

6 disclose the host comprising a smartcard. 

7 Blaze teaches that smartcards can be used to store keys (See Blaze Col. 1 Lines 11-16). 

8 It would have been obvious to the ordinary person skilled in the art at the time of 

9 invention to employ the teachings of Blaze in the key exchange system of Bestock by storing the 

10 keys in a smartcard. This would have been obvious because the ordinary person skilled in the art 

1 1 would have been motivated to protect against illicit access to the keys by, for example, 

12 tampering. 

13 Conclusion 

14 Claims 2-23 have been rejected. 

1 5 Any inquiry concerning this communication or earlier communications from the 

16 examiner should be directed to Matthew T. Henning whose telephone number is (571) 272-3790. 

17 The examiner can normally be reached on M-F 8-4. 

18 If attempts to reach the examiner by telephone are unsuccessful, the examiner's 

19 supervisor, Ayaz Sheikh can be reached on (571) 272-3795. The fax phone number for the 

20 organization where this application or proceeding is assigned is 571-273-8300. 



* 
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Information regarding the status of an application may be obtained from the Patent 



2 Application Information Retrieval (PAIR) system. Status information for published applications 

3 may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 

4 applications is available through Private PAIR only. For more information about the PAIR 

5 system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 

6 system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 
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